YouTuber PewDiePie has more subscribers than anyone else on the network, and some of his rabid fans have released at least two ransomware strains that encrypt hard drives and display a notice that informs victims that a decryption key will be made available only when PewDiePie's account gets 100 million subscribers. One of the ransomware strains also warned victims that if, at any time, the Indian Bollywood channel T-Series gets more subscribers than PewDiePie, the decryption key will not be released.

Its author eventually realized the world of trouble he'd get into if any of those victims filed complaints with authorities, and released the ransomware's source code on GitHub, along with a command-line-based decryption tool.

I made this whilst learning java 😂 I hope I didn't cause too much of an issue for anyone. Here is the decryption tool: https://t.co/2hkUIsLRxv it's command line based. Keep up the good work

Yesterday, the team at Emsisoft released their own decrypter app based on these two tools, meaning victims can recover files without having to wait months until PewDiePie reached 100 million subscribers.

Both ransomware strains show the level of idiocy the competition for YouTube's top spot has reached. While T-Series fans have remained mostly quiet most of this time, a portion of PewDiePie's fans appears to have lost their minds and engaged in media stunts bordering on criminal behavior.

They've defaced sites, taken over printers, and hijacked thousands of Chromecasts and smart TVs to spew out messages of support and the now-classical "subscribe to PewDiePie."

It's not yet clear where the wave of attacks originated or who is behind it. "Everyone talked about Ukraine first, but I don't know. It's worldwide," says MalwareHunterteam, a researcher with the MalwareHunterTeam analysis group.

Most troubling, perhaps, is that Petya doesn't appear to suffer the same errors that stunted WannaCry's spread. The amateurish mistakes that marked that outbreak limited both the scope and the eventual payouts collected; it even included a "kill switch" that shut it off entirely after just a couple of days.

Whoever created the Wcry ransomware worm -- which uses a leaked NSA cyberweapon to spread like wildfire -- included a killswitch: newly infected systems check to see if a non-existent domain is active, and if it is, they fall dormant, ceasing their relentless propagation.

Motherboard has retracted this story: "Correction: This piece was based on the premise that a new piece of WannaCry ransomware spread in the same manner as the one that was responsible for widespread attacks on Friday, and that it did not contain a so-called kill switch. However, after the publication of this article one of the researchers making this claim, Costin Raiu, director of global research and analysis team at Kaspersky Lab, realized that was not the case. The ransomware samples without the kill switch did not proliferate in the same manner, and so did not pose the same threat to the public. Motherboard regrets the error."